Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1426

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2015-1426
Last Modified 24 Feb 2015 12:13:12
Published 23 Feb 2015 12:59:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2015-1426

Summary

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

Vulnerable Systems

Application

  • Puppetlabs Facter 1.6.0

  • Puppetlabs Facter 1.6.1

  • Puppetlabs Facter 1.6.10

  • Puppetlabs Facter 1.6.11

  • Puppetlabs Facter 1.6.12

  • Puppetlabs Facter 1.6.13

  • Puppetlabs Facter 1.6.14

  • Puppetlabs Facter 1.6.15

  • Puppetlabs Facter 1.6.16

  • Puppetlabs Facter 1.6.17

  • Puppetlabs Facter 1.6.18

  • Puppetlabs Facter 1.6.2

  • Puppetlabs Facter 1.6.3

  • Puppetlabs Facter 1.6.4

  • Puppetlabs Facter 1.6.5

  • Puppetlabs Facter 1.6.6

  • Puppetlabs Facter 1.6.7

  • Puppetlabs Facter 1.6.8

  • Puppetlabs Facter 1.6.9

  • Puppetlabs Facter 1.7.0

  • Puppetlabs Facter 1.7.1

  • Puppetlabs Facter 1.7.2

  • Puppetlabs Facter 1.7.3

  • Puppetlabs Facter 1.7.4

  • Puppetlabs Facter 1.7.5

  • Puppetlabs Facter 1.7.6

  • Puppetlabs Facter 2.0.0

  • Puppetlabs Facter 2.0.1

  • Puppetlabs Facter 2.0.2

  • Puppetlabs Facter 2.1.0

  • Puppetlabs Facter 2.2.0

  • Puppetlabs Facter 2.3.0

  • Puppetlabs Facter 2.4.0


References

CONFIRM - http://puppetlabs.com/security/cve/cve-2015-1426


Last Updated: 27 May 2016 11:07:54